This is a note to let you know that I've just added the patch titled
netrom: fix invalid use of sizeof in nr_recvmsg()
to the 3.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
netrom-fix-invalid-use-of-sizeof-in-nr_recvmsg.patch
and it can be found in the queue-3.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From bef41eeabe2f888ff26e05497b78574a6ab4d906 Mon Sep 17 00:00:00 2001
From: Wei Yongjun <yongjun_wei@xxxxxxxxxxxxxxxxx>
Date: Tue, 9 Apr 2013 10:07:19 +0800
Subject: netrom: fix invalid use of sizeof in nr_recvmsg()
From: Wei Yongjun <yongjun_wei@xxxxxxxxxxxxxxxxx>
[ Upstream commit c802d759623acbd6e1ee9fbdabae89159a513913 ]
sizeof() when applied to a pointer typed expression gives the size of the
pointer, not that of the pointed data.
Introduced by commit 3ce5ef(netrom: fix info leak via msg_name in nr_recvmsg)
Signed-off-by: Wei Yongjun <yongjun_wei@xxxxxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/netrom/af_netrom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1177,7 +1177,7 @@ static int nr_recvmsg(struct kiocb *iocb
}
if (sax != NULL) {
- memset(sax, 0, sizeof(sax));
+ memset(sax, 0, sizeof(*sax));
sax->sax25_family = AF_NETROM;
skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call,
AX25_ADDR_LEN);
Patches currently in stable-queue which might be from yongjun_wei@xxxxxxxxxxxxxxxxx are
queue-3.4/esp4-fix-error-return-code-in-esp_output.patch
queue-3.4/netrom-fix-invalid-use-of-sizeof-in-nr_recvmsg.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html